This guy is great hahahaha. GREAT Information and Great knowledge! :D one cool dude haha. PROLLY GETS MORE TANG THAN MOST PEEPZ AT DEFCON LOL
Pent5HT 1 day ago
this guy is fucking cool
guruleinii 2 weeks ago
This guy Joe is so awesome! I've learned so much!
tyulik 3 months ago
Hats off to Joseph, really enjoyed your presentation. Thanks
Gridlock73 3 months ago 3
great guy for great tuto, good job
SHARED745 4 months ago
"Well now pentesting is different... You can't even walk in a barnes&noble without tripping over a security book"
I found this funny, since there's an XSS vulnerability on barnes&noble's website. lol
VerifyVolatile 5 months ago
tinyurl(.)com/bmwsqli
Silly BMW website!
maximumrfan 5 months ago
@j0emccray Great presentation! I've been developing in PHP and MySQL for a few years and just recently had my first security issue. I used stumble upon to search for sql injection and stumbled onto this video. I probably could have taken a six week class and not gotten as much out of your presentation. Keep up the good work.
Denoteone1 5 months ago
Great presentation!!!
canc3r1msc 5 months ago
This is one cool guy.
andyrew148 6 months ago
SQL Injection... AGAIN? at DEFCON in.....2011? Come on!
viniciuskmax 6 months ago
@viniciuskmax actually this talk was a few years ago. This is DC17, and we just had DC19 a few weeks ago.
j0emccray 6 months ago
When he starts he says I don't teach Basic sql injection - DUMFUCK THIS IS BASIC SQL INJECTION!
Wolver1nEmkd 6 months ago
@Wolver1nEmkd - so what exactly would be more advanced? I covered Error, Union, Blind, exfil via DNS, dealing with errors, and IDS/WAF evasion. What would be better - stacked queries, magic quotes, UDF, what? PS..Dumbfuck??? really???? - I speak at conferences all over the world. I'd love to see you come to me and call me dumbfuck to my face.
j0emccray 6 months ago 19
@j0emccray You wouldn't want to get in trouble for beating up a twelve year old with a mental capacity of a sink plunger would you Wolve?
Microblitz 4 months ago
@j0emccray Something new maybe; I've had 4 lines of code in a common header file for years that owns everything you have described. In your defence you really did nail it the coding needs to be stupidly flawed.
The mention of param injection also makes no sense, I mean I would seriously need to dynamically run over _GET or _POST and just assume everything was valid and import them into my namespace.
Meh learned nothing.
FragTheLag 4 months ago
@j0emccray lmao, we all love you bro.
And you're not here to clean ;D
VerifyVolatile 2 months ago
@Wolver1nEmkd he taught you Advanced sick burn lol
Cacawate 5 months ago
Thumbs up for all his years of experience and everything he put into it
FlentMan 6 months ago 18
awesome :D
Gangstangst 6 months ago
great watch
eatyoursouls 7 months ago
Also - incrementing the columns like that at 12:05 is long-winded.. It's better to use "ORDER BY column_number" - quicker and more efficient.
SeanOBriain 8 months ago
Just because it appears to be an integer doesn't always mean that it's actually an integer. You can have numerical strings.
SeanOBriain 8 months ago
ty for this lol :D
projecthackerdotnet 10 months ago